kubes_google 0.3.9 → 0.3.10

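--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d593aeda0613c869927cc4a394a6074f2cb0b37a65a300c34e2c1843795665fd
- data.tar.gz: 612e010ffb671cbe6fae182be9013c0d0e0a35360ea74a3b241e31852ede785c
+ metadata.gz: cb741f591115d3b288978ec1f2c3a442d911bfd4553f0a606eb9c579c32e20bd
+ data.tar.gz: 48809f850b487a187ffe12188c9ea7fb2a9446bbdd798b5aaf5a4cc76bf3f784
  SHA512:
- metadata.gz: '03709e5092eb0d4bdee232a60a3bd7369eff75e2b58591716fdc5a9e6d4833c5529740ee488e0a1cc2c04f389bb350e78bdbfd98c3d1b8d34717edd35025be90'
- data.tar.gz: 492c3b693b2f44db71b08dabc1a66d1a45e3b776efab24292f438be1c94da5f9caf295c0da36e8c058f3f5b4d5cfff7c3f801135d1aaa164992bda2f7053368e
+ metadata.gz: 227d531538e94ce3a1746aa28b3fe9de339e45cf8450edc1171c304d4fc6f49e2041206fe70d0de8620a3a61d583ccb831114a114a50b9f20da15a668faabba7
+ data.tar.gz: b44bf02993394a774e6e45225650bd2e952c63080171df243a2fdd6adbedad1284350464a3ee2da1508fcb4fd4a56cf40c7f8b680dc68b0c1b9f94ee4e521162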
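--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,12 @@
  All notable changes to this project will be documented in this file.
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+ ## [0.3.10] - 2022-08-19
+ - [#11](https://github.com/boltops-tools/kubes_google/pull/11) Google service account fixes
+ - KUBES_MOCK_SECRET ability
+ - dont add project iam binding if already exists
+ - fix iam service has_role? check
+
  ## [0.3.9] - 2022-02-16
  - [#10](https://github.com/boltops-tools/kubes_google/pull/10) google_secret_data helper
 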
@@ -10,8 +10,13 @@ class KubesGoogle::Secrets
10
10
  @@cache = {}
11
11
  def fetch(short_name)
12
12
  return @@cache[short_name] if @@cache[short_name]
13
- logger.debug "Fetching secret: #{short_name}"
14
- @@cache[short_name] = fetcher.fetch(short_name)
13
+ if ENV['KUBES_MOCK_SECRET']
14
+ logger.info "KUBES_MOCK_SECRET=1 is set. Mocking secret: #{short_name}"
15
+ @@cache[short_name] = "mock"
16
+ else
17
+ logger.debug "Fetching secret: #{short_name}"
18
+ @@cache[short_name] = fetcher.fetch(short_name)
19
+ end
15
20
  rescue KubesGoogle::VpnSslError
16
21
  logger.info "Retry fetching secret with the gcloud strategy"
17
22
  fetcher = Gcloud.new(@options)
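Review bot: `if ENV['KUBES_MOCK_SECRET']` is true for any value, including `0`, `false` or an empty string, while the log line it guards says `KUBES_MOCK_SECRET=1`. If the variable leaks into a real deploy environment, each fetched secret is replaced by the literal `mock` and stored in `@@cache`, and the only trace is an info-level log line. Comparing exactly with `if ENV['KUBES_MOCK_SECRET'] == '1'` and logging the substitution with `logger.warn` would make an accidental mock deploy harder to miss. `fetch` continues past the end of the hunk (the `rescue` branch), so the retry path is not reviewed here.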
@@ -34,14 +34,14 @@ module KubesGoogle
34
34
  logger.debug "Creating GKE IAM Binding"
35
35
  member = "serviceAccount:#{@google_project}.svc.id.goog[#{@namespace}/#{@ksa}]"
36
36
 
37
- found = sh "gcloud iam service-accounts get-iam-policy #{@service_account} | grep -F #{member} > /dev/null"
37
+ found = sh "gcloud iam service-accounts get-iam-policy '#{@service_account}' | grep -F '#{member}' > /dev/null"
38
38
  return if found
39
39
 
40
40
  sh "gcloud iam service-accounts add-iam-policy-binding \
41
41
  --role roles/iam.workloadIdentityUser \
42
- --member #{member} \
42
+ --member '#{member}' \
43
43
  --condition=None \
44
- #{@service_account}".squish
44
+ '#{@service_account}'".squish
45
45
  end
46
46
 
47
47
  def add_roles
@@ -58,21 +58,28 @@ module KubesGoogle
58
58
  end
59
59
 
60
60
  def has_role?(role)
61
- out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
62
- data = JSON.load(out)
61
+ data = project_iam_policies
63
62
  bindings = data['bindings']
64
63
  binding = bindings.find { |b| b['role'] == role }
65
64
  return false unless binding
66
- binding['members'].include?(@service_account)
65
+ binding['members'].include?("serviceAccount:#{@service_account}")
66
+ end
67
+
68
+ @@project_iam_policies = nil
69
+ def project_iam_policies
70
+ return @@project_iam_policies if @@project_iam_policies
71
+ logger.debug "=> gcloud projects get-iam-policy #{@google_project} --format json"
72
+ out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
73
+ @@project_iam_policies = JSON.load(out)
67
74
  end
68
75
 
69
76
  def add_role(role)
70
77
  return if has_role?(role)
71
78
 
72
79
  sh "gcloud projects add-iam-policy-binding #{@google_project} \
73
- --member=serviceAccount:#{@service_account} \
80
+ --member='serviceAccount:#{@service_account}' \
74
81
  --condition=None \
75
- --role=#{role} > /dev/null".squish
82
+ --role='#{role}' > /dev/null".squish
76
83
  end
77
84
  end
78
85
  end
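Review bot: Wrapping interpolated values in single quotes, as in `--member='serviceAccount:#{@service_account}'` and `--role='#{role}'` here and `get-iam-policy '#{@service_account}'` in the previous hunk, keeps the shell from globbing the `[...]` in the member string but is not escaping. A value that itself contains a `'` ends the quoted span, and `#{@google_project}` is still interpolated bare in both `gcloud projects` commands. Escaping each value with `Shellwords.escape` (after `require 'shellwords'`), e.g. `--role=#{Shellwords.escape(role)}`, would hold whatever the configuration contains; whether `sh`/`capture` could take an argument array instead is not visible in this hunk. Separately, `@@project_iam_policies` is filled once per process and never reset, so every instance shares it regardless of `@google_project` and it is stale after `add_role` writes a binding. A comment such as `# cached for the process lifetime; assumes one project and is not refreshed after add_role`, or a cache keyed by project, would make that limit explicit.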
@@ -1,3 +1,3 @@
1
1
  module KubesGoogle
2
- VERSION = "0.3.9"
2
+ VERSION = "0.3.10"
3
3
  end
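--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: kubes_google
  version: !ruby/object:Gem::Version
- version: 0.3.9
+ version: 0.3.10
  platform: ruby
  authors:
  - Tung Nguyen
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-02-16 00:00:00.000000000 Z
+ date: 2022-08-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -160,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.3.12
  signing_key:
  specification_version: 4
  summary: Kubes Google Helpers Library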